Archives for August, 2012
by Jay Heiser | August 29, 2012 | Comments Off
Replacing a button on one of my customer-facing shirts this weekend motivated some thoughts on resiliency. Why did the button fall off in the first place? It was sewn on by machine, a clever bit of automation that is based on interlocking threads from the top of the garment with threads from the bottom. It [...]
Category: risk management Tags: resiliance, resiliency
by Jay Heiser | August 13, 2012 | 2 Comments
Has anyone ever created a web-based application that wasn’t flaky and prone to data loss? Every time Facebook comes out with some new functionality, the entire service gets slower, and harder to use. I’m not sure that there could be a more efficient way to lose text as it is entered than by trying to [...]
Category: Applications Tags: client server, HTML5, malware, reliability, www
by Jay Heiser | August 10, 2012 | 2 Comments
The process in which the buyer asks a random list of questions that might have some minor relevance to some aspect of a provider’s security posture, and the potential provider pretends to answer them.
Category: Cloud risk management security Tags: cloud computing risk, cloud security standards, risk assessment, security
by Jay Heiser | August 8, 2012 | Comments Off
I was recently forced to change my password on a UK pension system, and my first 4 password offerings were unacceptable. I was baffled as to what part of the password didn’t meet the requirements. Today, I needed to log in and review a pay stub, had to reset my password, and the exact same thing [...]
Category: Cloud security Tags: authentication, password complexity, password reuse, password slurping, passwords
by Jay Heiser | August 7, 2012 | Comments Off
The financial sector links otherwise weakly coupled economic sectors, particularly during economic declines. Such links increase economic risk and the extent of cascading failures. Our results suggest that firewalls between financial services for different sectors would reduce systemic risk without hampering economic growth. From “Networks of Economic Market Interdependence and Systemic Risk”, by Dion Harmon, [...]
Category: risk management Tags: complexity, risk, systemic risk
by Jay Heiser | August 3, 2012 | Comments Off
If you wanted to sabotage a trading system, you might set out to design suicide mechanisms that look very much like today’s automated trading mechanisms. Blaming Knight Capital’s screwed pooch on ‘software bug’ is a simplistic and flawed starting point for understanding the bigger risk picture. Automated mechanisms within trading systems act as positive feedback [...]
Category: Policy risk management Strategic Planning Tags: brittleness, cascading failure, reliability, resiliency, systemic risk, too big to fail
by Jay Heiser | August 1, 2012 | 1 Comment
I spent a frustrating 5 minutes this weekend enduring a forced password change on a retirement account containing $400. I was sure that the randomly generated and completely unmemorizable string my password utility came up with exceeded 7 characters, contained upper and lower case letters, at least 1 number, and a special character. It finally [...]
Category: security Tags: authentication, Dropbox, hacking, password slurping, passwords, SaaS security, security